On Friday, 19 January 2018 14:49:58 CET Sebastian Kügler wrote: > I'd like to collect some more input from the wider KDE community about our > privacy goal for the next years. If you're unsure what I'm talking about, > please have a look at https://vizzzion.org/blog/2017/11/kdes-goal-privacy/
Here are some thoughts on threat models for this, as a possible way to better capture what we want to achieve. (1) Public Wifi Assume anyone can see your Wifi network traffic (e.g. via recent vulnerabilities in WPA2). Using your device in such an environment should be safe and not compromise your privacy any more compared to using a wired network at home. Possible counter-measures: Encrypted communication, VPN. (2) Stolen Device Assume your device gets stolen in a switched off or locked screen state. This should not result in a disclosure of personal data. Possible counter-measures: Local encryption. (3) Mega Corporations ("Google") It should be possible to enjoy the benefits of state-of-the-art consumer electronics, communication and content without individual companies creating detailed user profiles. Possible counter-measures: Free alternatives for proprietary services. (4) Global Surveillance ("NSA") Assume the entire Internet traffic being recorded, as well as deliberate attempts to break or weaken encryption. Possible counter-measures: State of the art encryption, minimize network communication, Tor. (5) Targeted Surveillance ("Snowden") Could be politically motivated or industrial espionage, by an actor with significant skill and resources. Possible counter-measures: ??? What else? Which of those do we want to address? Do you think that's a useful approach to guide/validate our work? Regards, Volker
signature.asc
Description: This is a digitally signed message part.